Slashdot Mirror


Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.

5 of 318 comments

  1. I sure as hell saw that coming by Plumpaquatsch · Score: 4, Funny

    That ultimately the BASH vulnerability would be used to blame Apple for bad security.

    --
    Of course news about a fake are Fake News.
  2. Re:I love it. by ColdWetDog · Score: 1, Funny

    And every time I boot my Windows 7 VM the OS is complaining that it needs to be updated, third party programs are complaining they need to be updated. Hell, my pet Botnets are complaining they need to be updated.

    Welcome to our world.

    --
    Faster! Faster! Faster would be better!
  3. Re:"could be worse than Heartbleed" by Anonymous Coward · Score: 2, Funny

    But I use systemd for my dhcp. Why the hell would anyone use scripts for dhcp or any other startup services? This isn't the fucking 80s anymore.

    LOL's on you. I use systemd for my systemd. Why the hell would anyone use systemd for systemd or any other systemd? This isn't the systemding 80s anymore.


    systemd

  4. Re:I love it. by chipschap · Score: 5, Funny

    These days, Windows is the faster, more stable, and more secure choice.

    Yes, Windows 8 has definitely demonstrated awesome superiority and everyone loves it.

  5. Re:Preempting dumb discussion by ray-auch · Score: 5, Funny

    Perhaps we should just be completely accurate and say: Linux is not vulnerable. GNU/Linux _is_ vulnerable. At least we keep RMS happy :-)